DeFi aggregator raided by five hackers launch day

Four malicious hackers and also a single white-hat have gone into town on ForceDAO during its launching.
Fledgling decentralized fund protocol ForceDAO has long had a rough beginning, with various incursions from hackers occurring only hours after it launched.The Ethereum-based yield aggregator had only just launched its airdrop campaign on April 3 if four malicious”black-hat” hackers were able to drain a total of 183 ETH worth approximately $367,000 at the time. 1 friendly”white-hat” hacker alsassisted the group by alerting them to prevent additional losses.The group has released a post-mortem of the attacks and taken responsibility for what it termed as a”engineering oversight.” POST-MORTEMTo that the Force and also DeFi community, we want to discuss a post-mortem on the current xFORCE exploit.Thanks to everyone technical and non judgmental who assisted along the way.Especially into the White Hat that helped deter FORCE getting drained.https://t.co/MK2GH69yLd– Force (@force_dao) April 4, 2021

Observing the incursion, the group made a choice to transfer 60 million FORCE tokens from the treasury multi-signature wallet into a deployer pocket to make and implement three votes which would effectively burn off the FORCE balances in three of the hackers’ addresses.The post-mortem explained that the xFORCE platform affected was a branch of a SushiSwap smart-contract comprising a mechanism to revert tokens in case of failed transactions. The protocol describes xFORCE since the”interest-bearing” version of FORCE, representing stocks in its pools very similar to how LP tokens get the job done. A defect in the contract used by ForceDAO allowed the attackers to exploit this mechanism to mint xFORCE tokens which were subsequently withdrawn and exchanged for ETH on the niches. The group declared that the attack would have been relatively easy to prevent. “This could’ve been prevented by using a standard Open Zeppelin ERC-20 or even including a safeTransferFrom wrapper from the xSUSHI contract.” It added that the hack has been now under investigation since a number of the speeches originated from the popular exchanges FTX along with Binance. A snapshot will be taken along with the undertaking will be re-launched using a brand new xFORCE market, it added.Following the launching and also airdrop, FORCE token costs surged to over $2 on Apr. 4, but have since crashed over 95% to $0.05 at the time of writing.

Relevant news

Leave a Reply